What is external code execution in the insecure-external-code-execution option on Dependabot?
#58657
Select Topic Area
Question

Body
In some
I'm curious what external code execution is in this explanation. I created a Ruby Gem that triggers an HTTP request when it's installed (the code is here), but it looks like it is not being prevented from accessing an external server. Even though I set

Thanks,
Replies: 3 comments 2 replies
This comment was marked as off-topic.
We are also puzzled about the actual effects and concrete risks to e.g. GITHUB_TOKEN of the repo that dependabot is running for. Here are the concrete questions:
@bogn83 @yykamei you can understand why unexpected_external_code can be raised by reading this: